How to enable TLSv1.1 and TLSv1.2 for outgoing HTTPS connections in vRO 6.0.x

Article ID: 338297

Products

VMware Aria Suite

Issue/Introduction

In vRealize Orchestrator 6.0.2 and 6.0.3, you must manually enable TLSv1.1 or TLSv1.2 before the SOAP, HTTP-REST and Orchestrator Configuration plug-ins can make outgoing HTTPS connections to servers that require those protocols.

The issue might occur in the SOAP, REST and Configuration plug-ins in Orchestrator. Connections to servers that require TLSv1.1 or TLSv1.2 might fail with this error until you enable the protocols manually:

[vCO] InternalError: Remote host closed connection during handshake (Workflow:Import a certificate from URL with certificate alias.

Environment

VMware vRealize Orchestrator 6.0.x

Resolution

To enable TLSv1.1 and TLSv1.2, you must change the https.protocols Java system property.
  1. Log in to the Orchestrator Appliance through SSH as root.

    ssh -l root [vco_appliance_ip]

  2. Take a backup of the setenv.sh file.
  3. Open the /var/lib/vco/app-server/bin/setenv.sh file using a text editor.
  4. Define the variable ENABLED_PROTOCOLS which lists all protocols that you want to enable for outgoing HTTPS connections.

    For example:

    If you want to enable SSLv3, TLSv1, TLSv1.1, and TLSv1.2, type:

    ENABLED_PROTOCOLS="SSLv3,TLSv1,TLSv1.1,TLSv1.2"

    If you want to enable TLSv1 and TLSv1.2, type:

    ENABLED_PROTOCOLS="TLSv1,TLSv1.2"

  5. Add this fragment to JVM_OPTS:

    -Dhttps.protocols=$ENABLED_PROTOCOLS

  6. Log in to the Orchestrator configuration interface and restart the Orchestrator server service.
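
A check for the edit made in steps 4 and 5, as an added example that is not part of the original article and is not VMware code: it confirms that ENABLED_PROTOCOLS is defined, that the JVM_OPTS fragment carries the leading -D, and that every protocol name is one the article uses. The function name check_setenv, its return codes and the sample file are assumptions made for this example; SSLv3 is reported separately because RFC 7568 prohibits its use.

```sh
#!/bin/sh
# Added example: audit a setenv.sh after the https.protocols edit.
# Returns 0 = ok, 1 = misconfigured, 2 = valid but SSLv3 is enabled.
check_setenv() {
    file=$1
    # Ignore commented-out lines so a disabled setting is not counted.
    active=$(grep -v '^[[:space:]]*#' "$file")
    # The last assignment wins when the shell sources the file.
    value=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*ENABLED_PROTOCOLS="\([^"]*\)".*$/\1/p' | tail -n 1)
    if [ -z "$value" ]; then
        echo "ENABLED_PROTOCOLS is not defined"; return 1
    fi
    # The JVM reads this as a system property only when it is passed with -D.
    if ! printf '%s\n' "$active" |
        grep -Eq '(^|[[:space:]"=])-Dhttps\.protocols='; then
        echo "-Dhttps.protocols is missing from the JVM options"; return 1
    fi
    result=0
    old_ifs=$IFS; IFS=,
    for proto in $value; do
        case $proto in
            TLSv1|TLSv1.1|TLSv1.2) ;;
            SSLv3) result=2 ;;
            *) IFS=$old_ifs
               echo "unknown protocol name: '$proto'"; return 1 ;;
        esac
    done
    IFS=$old_ifs
    [ "$result" -eq 2 ] && echo "SSLv3 is enabled (prohibited by RFC 7568)"
    return $result
}

# Constructed sample, not the appliance's real setenv.sh.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
ENABLED_PROTOCOLS="TLSv1,TLSv1.2"
JVM_OPTS="$JVM_OPTS -Dhttps.protocols=$ENABLED_PROTOCOLS"
EOF
check_setenv "$demo_file" && echo "setenv.sh looks correct"
rm -f "$demo_file"
```

On the appliance, call `check_setenv /var/lib/vco/app-server/bin/setenv.sh` before restarting the service in step 6.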